FortiOS Local Security Checks : Fortinet FortiWeb CSRF Vulnerability (FG-IR-16-010)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.105795

Category: FortiOS Local Security Checks

Title: Fortinet FortiWeb CSRF Vulnerability (FG-IR-16-010)

Summary: Fortinet FortiWeb is prone to a cross-site request forgery; (CSRF) vulnerability.

Description: Summary:
Fortinet FortiWeb is prone to a cross-site request forgery
(CSRF) vulnerability.

Vulnerability Impact:
The vulnerability could allow attackers to change admin
password with crafted forms.

Affected Software/OS:
Fortinet FortiWeb versions prior to 5.5.3.

Solution:
Update to version 5.5.3 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-4066
BugTraq ID: 91768
http://www.securityfocus.com/bid/91768
http://www.securitytracker.com/id/1036194

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.105795
Category:	FortiOS Local Security Checks
Title:	Fortinet FortiWeb CSRF Vulnerability (FG-IR-16-010)
Summary:	Fortinet FortiWeb is prone to a cross-site request forgery; (CSRF) vulnerability.
Description:	Summary: Fortinet FortiWeb is prone to a cross-site request forgery (CSRF) vulnerability. Vulnerability Impact: The vulnerability could allow attackers to change admin password with crafted forms. Affected Software/OS: Fortinet FortiWeb versions prior to 5.5.3. Solution: Update to version 5.5.3 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4066 BugTraq ID: 91768 http://www.securityfocus.com/bid/91768 http://www.securitytracker.com/id/1036194
Copyright	Copyright (C) 2016 Greenbone AG